Skip to content

jtalk22/slack-mcp-server

v4.0.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP SaaS Integrations
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

platform-commercial status-live

Affected surfaces

auth

Summary

AI summary

README rewritten with clearer positioning and install configs for major clients.

Full changelog

16 tools, one-command setup, works where Slack's official MCP server doesn't.

Slack's official MCP requires a registered app and admin approval, and doesn't work with Claude Code or GitHub Copilot due to OAuth/DCR incompatibility. This server uses your browser session instead — no app registration, no admin, no OAuth.

What you get

  • 16 tools — search, messages, threads, DMs, reactions, unreads, user lookup, send messages. 12 read-only, 4 write-path with MCP safety annotations.
  • One-command setupnpx -y @jtalk22/slack-mcp --setup handles token extraction and validation.
  • Works with everything — Claude Desktop, Claude Code, Cursor, Copilot, Gemini, Windsurf, and any other stdio MCP client.
  • macOS auto-refresh — tokens extracted from Chrome automatically. No manual rotation.
  • Hosted HTTP mode — for remote deployments (Cloudflare Worker, VPS, Docker).

What changed from v3.2.5

  • README rewritten with clearer positioning and inline install configs for every major client
  • 25 internal files removed (launch ops, commercial automation) — net -2,762 lines
  • Security: fs.chmodSync on token writes, API key redaction, safeParseInt on numeric params
  • Cloudflare worker updated from 11 to 16 tools
  • Editor MCP config for local development

Compatibility

All 16 MCP tools unchanged. No renames or removals. Existing configs continue to work.

Install

npx -y @jtalk22/slack-mcp --setup

Security Fixes

  • Added `fs.chmodSync` on token writes, API key redaction, and `safeParseInt` on numeric parameters to harden security
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track jtalk22/slack-mcp-server

Get notified when new releases ship.

Sign up free

About jtalk22/slack-mcp-server

Your complete Slack context for Claude—DMs, channels, threads, search. No OAuth apps, no admin approval. `--setup` and done, 11 tools, auto-refresh.

All releases →

Related context

Beta — feedback welcome: [email protected]